New Study from IBM

‘A deepening public crisis [in terms of continuously increasing “phraud”] would mean the Internet would begin to lose credibility and acceptance for economic transactions when it should be gaining that acceptance… The absence of an identity layer is one of the key factors limiting the further settlement of cyberspace.’

‘Consumers fear their personal information will be stolen over the holidays and are altering their behavior because of it, according to a new survey commissioned by IBM.

‘Sixty-one percent of respondents in the survey, conducted by Opinion Research Corp., said they believe their bank cards are vulnerable during the holidays. Forty-nine percent of holiday shoppers said they fear their credit and debit information could be stolen, and 46 percent worry about personal information theft.

‘One out of seven Americans, or 14 percent, has had a credit card stolen, according to the sampling of 1,000 adult consumers. Ten percent of the victims said the theft occurred over the holidays. A third of them said it will affect their behavior. Nearly 20 percent plan to avoid or reduce online transactions for the rest of the year.

‘Two-thirds said they are more concerned about fraud and identity theft than they were a year ago. Half said online purchases are most worrisome, and 49 percent said they believe phone transactions are risky.

‘One-third of cardholders who believe they are vulnerable said they would spend less this year on online purchases than they have in the past. Thirty-one percent said they would spend less through catalogs. Twenty-nine percent said they would spend less at stores.

‘Half of the respondents said they would feel more secure with biometrics. One-third said they favor iris scanning. Forty percent said their fears could be alleviated by encryption and technology to prevent forgery, but 75 percent don't plan to upgrade security on their computers.

‘More consumers hold credit card companies responsible for their information than retailers , by a margin of 27 percent to 15 percent. And 26 percent believe individuals are responsible for keeping their information secure. ‘

As web sites begin to take advantage of InfoCards, users will get an initial upgrade in security without earmarking any money for security (a good thing if 75% don't currently plan to upgrade security on their computers!). This stems from use of strong cryptography in the builtin (“starter”) self-asserted identity provider, and “managed” identity providers “run” by third parties.

But let's suppose that later, when purchasing a new computer (or mouse), the user selects one with a built-in fingerprint sensor. How hard will it be to begin taking advantage of that sensor?

In a metasystem, it is possible to factor biometric devices so the system easily incorporates use of new underlying authentication technology.

In this example, after installing the new computer (or mouse), the user can employ InfoCards that require her to present her fingerprint. Later, if she decides she doesn't like using a fingerprint, she can go back to what she was doing before – or try something new. In other words, be human. Importantly, none of these changes require changes to the web sites she visits, which can be insulated from the vagaries of identity technology.

The analogy I'm trying to make is this: we can plug in different keyboards or different video displays until we find one that meets our needs. As users we require the same flexibility in deciding how we protect our identities. At the same time, clearly we can't ask every web site to know all about our identity configurations. Thus the need for an identity metasystem.